Tom,
There have been a number of discussions on this list in the past few months
on Cisco's "fixup protocol smtp". The general conclusion is that it is more
trouble that its worth, particularly for a mail system with inbuilt security
features such as Exchange. I suggest taking a look at exactly what it does
and that may help convince your Cisco person that it as at least unhelpful.
Basically, it restricts you to a subset of basic SMTP commands so all the
advanced features of ESMTP that Exchange can use get blocked. The sort of
thing that will get lost are message size declarations that could be used to
block someone tying up your line with oversize messages. There is no
security advantage in blocking such functions.
I haven't checked the documentation other than for version 5.2 of the PIX
software but in that version they advise putting an Exchange (IMS) in the
DMS as a security measure. This is absolute rubbish - you would have to open
far more ports than SMTP to get their configuration to work and you would be
far better off using something like Mimesweeper as a relay and virus scanner
or having solid virus scanning on Exchange itself.
regards,
Richard Dann
> -----Original Message-----
> From: Tom Meunier [SMTP:[EMAIL PROTECTED]]
> Sent: Sunday, August 26, 2001 1:27 AM
> To: Exchange Discussions
> Subject: RE: CISCO Pix FixUp Protocol
>
> This has been a continuing sticking point between our Cisco person and
> me. I insist that he turn it off, and he doesn't like it one bit. We
> haven't really tested it properly. We had some problems earlier this
> year, got a new IOS, and haven't had any problems since. Cisco blames
> any problems on Microsoft. I can turn mailguard on & off and mail
> doesn't bounce.
>
> So here's the deal: Anyone out there who is having problems with
> somebody who refuses to disable their smtp fixup protocol, please let me
> know off-list. For sake of information, I'd like to see if I can turn
> mine on temporarily and send mail get through it, from a foreign system
> that we ALREADY KNOW is having issues. That way we can at least see if
> there's a difference in results based upon IOS version, the Pix model,
> whatever. I've got an inkling that there may be, but I only have one
> Pix, and I'm not about to roll it back.
>
> So anyone who thinks they're having problems sending through the
> mailguard feature of the Pix, please send me an off-list email and I'll
> set aside a few hours to do some testing within the next couple of
> weeks.
>
> (And Jean-Francois, if you'd like to act as a control group, I'd
> appreciate it - the state won't buy me a spare pix ;) )
>
> Tom Meunier
> Network Administrator
> State of Texas Office of Court Administration
> (512) 463-0282
> [EMAIL PROTECTED]
>
> -----Original Message-----
> From: Jean-Francois Bourdeau
> [mailto:[EMAIL PROTECTED]]
> Posted At: Saturday, August 25, 2001 8:42 AM
> Posted To: MSExchange Mailing List
> Conversation: CISCO Pix FixUp Protocol
> Subject: CISCO Pix FixUp Protocol
>
>
> Hi
>
> Does anyone had problem with the CISCO Pix FixUp Protocol feature ?
>
> When activating that my ex 2000 can't receive email
>
> We desactivated the FixUp Protocol
>
> JF
>
>
> _________________________________________________________________
> List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> Archives: http://www.swynk.com/sitesearch/search.asp
> To unsubscribe: mailto:[EMAIL PROTECTED]
> Exchange List admin: [EMAIL PROTECTED]
>
> _________________________________________________________________
> List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> Archives: http://www.swynk.com/sitesearch/search.asp
> To unsubscribe: mailto:[EMAIL PROTECTED]
> Exchange List admin: [EMAIL PROTECTED]
>
Nextra is the trading name of CIX (Compulink Information Exchange), Norsk
Data and XTML, all of whom are part of the Nextra Group.
Nextra, a division of international telecoms organisation Telenor, is a
leading European Communications Service Provider. For information on
products and services click on www.nextra.co.uk.
With the exclusion of purchase orders/requests with reference to repair
quotations the views, information and opinion contained in this e-mail are
that of the author. Where it is intended to place reliance upon any
statement made, then a formal confirmation should be requested.
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
